Example #1
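/**
 * Build the XML response for a patient-information query and write one audit
 * log entry per patient row returned.
 *
 * Security notes:
 *  - Every value placed inside an element is XML-escaped. The original
 *    concatenated database fields and error text straight into the markup, so
 *    a "<" or "&" stored in a record could break or reshape the document.
 *  - The response carries highly sensitive fields (SSN, birthday, insurance
 *    data). NOTE(review): nothing in this function checks who is asking;
 *    confirm every caller authenticates and authorises the requester first.
 *  - $user and $target come from request parameters and are only used for the
 *    log text; they are client-supplied and are not proof of identity.
 *
 * @param int|string $errNum          Number of errors; 0 means success.
 * @param array      $errMsgArr       Error messages, indexed from 0.
 * @param object     $patientInfoPrep Executed statement; rowCount() and
 *                                    fetch(PDO::FETCH_ASSOC) are called on it.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $patientInfoPrep)
{
    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    $user = isset($_POST['u']) ? $_POST['u'] : "******";
    // The original tested $_GET['p'] but then read $_GET['pat']; test the key
    // that is actually read so a missing index is never dereferenced.
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        // Element name => result-set column, in output order.
        $fields = [
            'UserName'        => 'UserName',
            'FirstName'       => 'FirstName',
            'LastName'        => 'LastName',
            'Sex'             => 'Sex',
            'Birthday'        => 'Birthday',
            'SSN'             => 'SSN',
            'Email'           => 'Email',
            'PhoneNumber'     => 'PhoneNumber',
            'CompanyName'     => 'Company_Name',
            'PlanType'        => 'Plan_Type',
            'PlanNum'         => 'Plan_Num',
            'CoveragePercent' => 'Coverage_Percent',
            'CoPay'           => 'Co-Pay',
            'CoverageStart'   => 'Coverage-Start',
            'CoverageEnd'     => 'Coverage-End',
            'FKDoctorID'      => 'FK_DoctorID',
            'Type'            => 'Type',
            'PatientID'       => 'PK_PatientID',
            'Locked'          => 'Locked',
            'NeedApproval'    => 'NeedApproval',
        ];

        $outputString .= "<PatientCount>" . $esc($patientInfoPrep->rowCount()) . "</PatientCount>\n";
        while ($patientInfo = $patientInfoPrep->fetch(PDO::FETCH_ASSOC)) {
            $outputString .= "<Patient>";
            foreach ($fields as $tag => $column) {
                $outputString .= "<" . $tag . ">" . $esc($patientInfo[$column]) . "</" . $tag . ">\n";
            }
            $outputString .= "</Patient>";
            // One audit record per disclosed patient row.
            logToDB($user . " access patient info for " . $target, $patientInfo['PK_member_id'], $user);
        }
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        // $memberInfo is never defined in this function, so the original's
        // isset() test always took the NULL branch; log with NULL directly.
        logToDB($user . " failed to access user info for " . $target, NULL, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}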
Example #2
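/**
 * Build the XML response for the add-copay service and log the outcome.
 *
 * Error messages and the error count are XML-escaped before being placed in
 * the document; the original concatenated them unescaped, so a message
 * containing "<" or "&" produced malformed or attacker-shaped XML.
 *
 * A commented-out snippet that derived the auth key with md5() from a
 * hard-coded control string used to sit at the top of this function. It was
 * dead code, but it published the literal; treat that value as disclosed and
 * rotate it wherever it is still in use.
 *
 * @param int|string $errNum    Number of errors; 0 means success.
 * @param array      $errMsgArr Error messages, indexed from 0.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr)
{
    global $db; // kept from the original; not read in this function

    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied name, used for the log text only; not proof of identity.
    $user = isset($_POST['u']) ? $_POST['u'] : "******";

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL ADD COPAY!</RESULT>";
        // Log wording is unchanged from the original (it says "registered").
        logToDB($user . " successfuly registered", NULL, $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful registered", NULL, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}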
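/**
 * Build the XML response for the update-medication service and log the outcome.
 *
 * The success branch echoes the request parameter $_POST['med'] back to the
 * client. It is XML-escaped here (as are the error messages); the original
 * wrote the raw request value into the document, which let a caller inject
 * markup into the response.
 *
 * @param int|string $errNum     Number of errors; 0 means success.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array      $memberInfo Member row; only 'PK_member_id' is read.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    global $db; // kept from the original; not read in this function

    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied name, used for the log text only; not proof of identity.
    $user = isset($_POST['u']) ? $_POST['u'] : "******";

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        // Untrusted request value: default to empty when absent, always escape.
        $medId = isset($_POST['med']) ? $_POST['med'] : '';
        $outputString .= "<MedID>" . $esc($medId) . "</MedID>";
        logToDB($user . " update medication", $memberInfo['PK_member_id'], $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        // Attribute the failure to the member when one is known, else NULL.
        $memberId = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : NULL;
        logToDB($user . " failed to update medication", $memberId, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}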
Example #4
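/**
 * Build the XML response for a generic service call and log the outcome.
 *
 * Changes from the original:
 *  - The error count and error messages are XML-escaped instead of being
 *    concatenated raw into the document.
 *  - $_POST['u'] is read through isset(), so a request without "u" no longer
 *    dereferences a missing index; the log text is otherwise unchanged.
 *
 * A commented-out snippet that derived the auth key with md5() from a
 * hard-coded control string was removed. Treat that literal as disclosed and
 * rotate it wherever it is still in use.
 *
 * @param int|string $errNum    Number of errors; 0 means success.
 * @param array      $errMsgArr Error messages, indexed from 0.
 * @param mixed      $db        Passed through unchanged to logToDB().
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $db)
{
    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied name, used for the log text only; not proof of identity.
    $user = isset($_POST['u']) ? $_POST['u'] : '';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL Service</RESULT>";
        logToDB($user . " successful query", false, -1, $db);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful visit", false, -1, $db);
    }

    $outputString .= "</content>";
    return $outputString;
}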
Example #5
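/**
 * Build the XML response listing a patient's medications and pre-existing
 * conditions, and log the access.
 *
 * Changes from the original:
 *  - All element content is XML-escaped; medication names, dosages and
 *    condition descriptions were previously concatenated raw.
 *  - "Was a statement supplied?" is tested with is_object() rather than the
 *    loose `!($x == '')` comparison between an object and a string.
 *
 * NOTE(review): this returns medical data and performs no access check of its
 * own; confirm callers authorise the requester for the target patient.
 *
 * @param int|string $errNum     Number of errors; 0 means success.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array      $memberInfo Member row; only 'PK_member_id' is read.
 * @param mixed      $medPrep    Executed medication statement, or '' for none.
 * @param mixed      $precPrep   Executed condition statement, or '' for none.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo, $medPrep, $precPrep)
{
    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied values, used for the log text only.
    $user = isset($_GET['u']) ? $_GET['u'] : "******";
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        if (is_object($medPrep)) {
            // Element name => result-set column, in output order.
            $medFields = [
                'MedID'      => 'PK_MedicationsID',
                'Medication' => 'Medication',
                'Dosage'     => 'Dosage',
                'StartDate'  => 'StartDate',
                'EndDate'    => 'EndDate',
            ];
            $outputString .= "<MEDCOUNT>" . $esc($medPrep->rowCount()) . "</MEDCOUNT>\n";
            while ($medArray = $medPrep->fetch(PDO::FETCH_ASSOC)) {
                $outputString .= "<MedInfo>";
                foreach ($medFields as $tag => $column) {
                    $outputString .= "<" . $tag . ">" . $esc($medArray[$column]) . "</" . $tag . ">\n";
                }
                $outputString .= "</MedInfo>";
            }
        }
        if (is_object($precPrep)) {
            $outputString .= "<PRECCOUNT>" . $esc($precPrep->rowCount()) . "</PRECCOUNT>\n";
            while ($precArray = $precPrep->fetch(PDO::FETCH_ASSOC)) {
                $outputString .= "<PrecInfo>";
                $outputString .= "<PrecID>" . $esc($precArray['PK_ConditionID']) . "</PrecID>\n";
                $outputString .= "<ConditionDesc>" . $esc($precArray['Description']) . "</ConditionDesc>\n";
                $outputString .= "</PrecInfo>";
            }
        }
        logToDB($user . " access patient medical info for " . $target, $memberInfo['PK_member_id'], $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        // Attribute the failure to the member when one is known, else NULL.
        $memberId = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : NULL;
        logToDB($user . " failed to access patient medical info for " . $target, $memberId, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}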
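/**
 * Build the XML response for a login attempt and log the outcome.
 *
 * On success the response contains the member's auth key and profile fields,
 * unless the profile is locked, in which case only a "locked" marker is sent.
 * All element content is XML-escaped; the original concatenated profile
 * fields and error text raw into the document.
 *
 * Security notes:
 *  - The auth key is returned in the response body. NOTE(review): confirm this
 *    endpoint is only served over TLS and that responses are not cached.
 *  - A commented-out snippet that derived the key with md5() from a
 *    hard-coded control string was removed from this function. Treat that
 *    literal as disclosed and rotate it wherever it is still in use.
 *
 * @param int|string $errNum     Number of errors; 0 means success.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array      $memberInfo Member row (Locked, AUTHKEY, PK_member_id,
 *                               FirstName, LastName, Type, UserName,
 *                               NeedApproval, PersonalID are read).
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    global $db; // kept from the original; not read in this function

    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied name, used for the log text only; not proof of identity.
    $user = isset($_GET['u']) ? $_GET['u'] : "******";

    // The <content> element wraps the entire message.
    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum != 0) {
        // Emit each reported error as its own <ERROR> element.
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        logToDB($user . " unsuccessful login", NULL, $user);
    } elseif ($memberInfo['Locked'] == 1) {
        // Locked profile: send the marker in place of a key, no profile data.
        $outputString .= "<key>MEMBER PROFILE LOCKED</key>\n";
        logToDB($memberInfo['UserName'] . " tried to login to locked account", NULL, $user);
    } else {
        $outputString .= "<key>" . $esc($memberInfo['AUTHKEY']) . "</key>\n";
        $outputString .= "<MemberID>" . $esc($memberInfo['PK_member_id']) . "</MemberID>\n";
        $outputString .= "<FirstName>" . $esc($memberInfo['FirstName']) . "</FirstName>\n";
        $outputString .= "<LastName>" . $esc($memberInfo['LastName']) . "</LastName>\n";
        $outputString .= "<Type>" . $esc($memberInfo['Type']) . "</Type>\n";
        $outputString .= "<UserName>" . $esc($memberInfo['UserName']) . "</UserName>\n";
        $outputString .= "<NeedApproval>" . $esc($memberInfo['NeedApproval']) . "</NeedApproval>\n";
        $outputString .= "<PersonalID>" . $esc($memberInfo['PersonalID']) . "</PersonalID>";
        // Record the successful login against the member's id.
        logToDB($memberInfo['UserName'] . " successfully logged in", $memberInfo['PK_member_id'], $user);
    }

    $outputString .= "</content>";
    return $outputString;
}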
Example #7
/**
 * Login service: looks up a Users row from the "u" and "p" query parameters
 * and returns the XML produced by outputXML(), logging success or failure.
 *
 * NOTE(review), security:
 *  - Credentials are read from $_GET, so they travel in the URL, where they
 *    typically end up in server logs, proxies and browser history.
 *  - The query text below is masked in this copy of the source. The surviving
 *    fragment (`p'] . "'"`) suggests a request parameter is concatenated into
 *    the SQL string; if so, this is injectable and should use a prepared
 *    statement. Confirm against the real file.
 *  - The WHERE clause matches on a Password column, which suggests the stored
 *    value is compared as sent (no password_hash()/password_verify()) - verify.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @return string XML from outputXML().
 */
function doService()
{
    // User name is upper-cased before use.
    $user = strtoupper($_GET['u']);
    // Masked in this listing; see the NOTE(review) in the header about SQL construction.
    $qry = "SELECT * FROM Users WHERE UserName='******' AND Password='******'p'] . "'";
    $result = mysql_query($qry);
    // Fetched before the row count is checked; $member is only read on the success path.
    $member = mysql_fetch_assoc($result);
    // Any matching row counts as a successful login.
    if (mysql_numrows($result)) {
        // NOTE(review): the raw "p" request value is handed to outputXML() here;
        // confirm it is not echoed back in the response.
        $retVal = outputXML('1', $user, $_GET['p']);
        logToDB("Login Succeed", true, $member['PK_member_id']);
    } else {
        $retVal = outputXML('0', '', '');
        // -1 is passed in place of a member id when the login fails.
        logToDB("Login Fail", false, -1);
    }
    return $retVal;
}
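/**
 * Account-information service (GET only): authenticates the caller by a
 * derived key and returns either all users' information, a filtered lookup,
 * or the caller's own record, depending on the caller's level.
 *
 * Changes from the original:
 *  - Keys are compared with hash_equals() when available, otherwise with
 *    `===`. The original used `==`, which applies numeric type juggling to
 *    hex digests and is not a safe equality test for secrets.
 *  - An unknown user (or a failed query) is rejected before any key is
 *    derived, instead of deriving a key from an empty password.
 *  - Request parameters are read through isset() and must be strings.
 *
 * NOTE(review), not fixable inside this function without breaking clients:
 *  - $trustedKey and $controlString are hard-coded secrets; anyone with the
 *    source can derive keys. Move them to protected configuration and rotate.
 *  - Keys are MD5 digests built from the stored Password column value, and
 *    they are sent in the query string. Plan a migration to per-session
 *    random tokens.
 *  - The user name in the query is masked in this copy of the source; if the
 *    real file concatenates $user into the SQL, it must be escaped or bound.
 *  - The mysql_* extension was removed in PHP 7.0.
 *
 * @param mixed      $url         Unused in this function.
 * @param string     $method      HTTP method; only 'GET' is served.
 * @param int|string $levelForAll Minimum member Type allowed to query other users.
 *
 * @return string XML from outputXML().
 */
function doService($url, $method, $levelForAll)
{
    if ($method != 'GET') {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    $user = (isset($_GET['u']) && is_string($_GET['u'])) ? strtoupper($_GET['u']) : '';
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // No such user: refuse before computing any key material.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';

    // Strict, timing-safe where the runtime provides it.
    $keysMatch = function ($expected, $supplied) {
        return function_exists('hash_equals')
            ? hash_equals($expected, $supplied)
            : $expected === $supplied;
    };
    $isTrusted = $keysMatch($TRUST_KEY, $postKey);

    if ($isTrusted && (int) $member['Type'] >= $levelForAll) {
        // Privileged caller: all users, or a lookup by (targetType, target).
        $targetType = isset($_GET['targetType']) ? $_GET['targetType'] : '';
        $target = isset($_GET['target']) ? $_GET['target'] : '';
        if ($targetType == '' || $target == '') {
            $retVal = outputXML('1', '', '', '');
            logToDB($user . " accessing information for all users", true, $member['PK_member_id']);
        } else {
            // NOTE(review): $targetType is a client-chosen column name passed
            // on to outputXML(); confirm it is checked against an allow-list there.
            $retVal = outputXML('1', '', $targetType, $target);
            logToDB($user . " accessing information for user that has " . $targetType . " of " . $target, true, $member['PK_member_id']);
        }
    } elseif ($isTrusted) {
        // Trusted client below the required level: own record only.
        $retVal = outputXML('1', '', 'UserName', $user);
        logToDB($user . " accessing information for self", true, $member['PK_member_id']);
    } elseif ($keysMatch($AUTH_KEY, $postKey)) {
        $retVal = outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
    } else {
        $retVal = outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    return $retVal;
}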
Example #9
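/**
 * Assign-doctor service (POST only): authenticates the caller by a derived
 * key and, if the caller's level is sufficient, sets a patient's doctor.
 *
 * Changes from the original:
 *  - The response no longer has "<br>" plus the raw UPDATE statement appended.
 *    That debug output disclosed table and column names to every client, made
 *    the XML malformed, and read an undefined variable on every failure path.
 *  - Keys are compared with hash_equals() when available, otherwise `===`,
 *    instead of the type-juggling `==`.
 *  - An unknown user (or a failed query) is rejected before any key is derived.
 *
 * NOTE(review), not fixable inside this function without breaking clients:
 *  - $trustedKey and $controlString are hard-coded secrets, and keys are MD5
 *    digests built from the stored Password column value. Move the secrets to
 *    protected configuration, rotate them, and plan a token migration.
 *  - clean() is defined elsewhere; confirm it escapes for SQL string context,
 *    since its results are concatenated into the UPDATE statement.
 *  - doctorMemberID comes from the request and is used for log attribution;
 *    it is not checked against the authenticated $member.
 *  - mysql_error() text is returned to the client on failure.
 *  - The user name in the SELECT is masked in this copy of the source; if the
 *    real file concatenates $user into the SQL, it must be escaped or bound.
 *
 * @param mixed      $url    Unused in this function.
 * @param string     $method HTTP method; only "POST" is served.
 * @param int|string $level  Minimum member Type allowed to assign a doctor.
 *
 * @return string XML from outputXML().
 */
function doService($url, $method, $level)
{
    if (strcmp($method, "POST") != 0) {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    $user = (isset($_POST['u']) && is_string($_POST['u'])) ? strtoupper($_POST['u']) : '';
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // No such user: refuse before computing any key material.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';

    // Strict, timing-safe where the runtime provides it.
    $keysMatch = function ($expected, $supplied) {
        return function_exists('hash_equals')
            ? hash_equals($expected, $supplied)
            : $expected === $supplied;
    };

    if ($keysMatch($TRUST_KEY, $postKey) && (int) $member['Type'] >= $level) {
        $patientID = clean($_POST['patientID']);
        $doctorID = clean($_POST['doctorID']);
        $doctorMemberID = clean($_POST['doctorMemberID']);
        $updateQry = "UPDATE Patient SET FK_DoctorID = '" . $doctorID . "' WHERE PK_PatientID = '" . $patientID . "'";
        if (mysql_query($updateQry)) {
            logToDB("Doctor added a patient", true, $doctorMemberID);
            return outputXML('1', "PATIENT ADDED");
        }
        return outputXML('0', mysql_error());
    }

    if ($keysMatch($AUTH_KEY, $postKey)) {
        return outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO ADD PATIENTS');
    }
    return outputXML('0', 'UNAUTHORIZED ACCESS');
}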
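/**
 * Build the XML response for the change-doctor service and log the outcome.
 *
 * The error count and error messages are XML-escaped; the original
 * concatenated them raw into the document.
 *
 * A commented-out snippet that derived the auth key with md5() from a
 * hard-coded control string was removed from this function. Treat that
 * literal as disclosed and rotate it wherever it is still in use.
 *
 * @param int|string $errNum     Number of errors; 0 means success.
 * @param array      $errMsgArr  Error messages, indexed from 0.
 * @param array      $memberInfo Member row; only 'PK_member_id' is read.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $memberInfo)
{
    global $db; // kept from the original; not read in this function

    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied name, used for the log text only; not proof of identity.
    $user = isset($_GET['u']) ? $_GET['u'] : "******";
    // Member id for log attribution, NULL when the caller supplied none.
    $myID = isset($memberInfo['PK_member_id']) ? $memberInfo['PK_member_id'] : NULL;

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content>\n";
    $outputString .= "<errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        $outputString .= "<RESULT>SUCCESSFUL REGISTER!</RESULT>";
        logToDB($user . " changed doctor for a patient", $myID, $user);
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        logToDB($user . " failed to change doctor for a patient", $myID, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}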
/**
 * Build the XML response for the change-password service and log the outcome.
 *
 * On success ($result == '1') the response carries <key>; otherwise it
 * carries <numerror> and <ERROR>.
 *
 * NOTE(review), security and correctness:
 *  - $user and $pw are not assigned anywhere in this function as shown, so
 *    $AUTH_KEY is an MD5 of the control string alone and the log messages
 *    start with an empty user name. $AUTH_KEY is also never read afterwards.
 *  - $controlString is a hard-coded secret; move it to protected
 *    configuration and rotate it.
 *  - The SELECT below is masked in this copy of the source. The surviving
 *    fragment (`u'] . "'"`) suggests a request parameter is concatenated into
 *    the SQL string; if so, it is injectable - confirm against the real file.
 *  - $result, $key, $numError and $ErrorString are written into the XML
 *    without escaping.
 *  - The mysql_* extension used here was removed in PHP 7.0.
 *
 * @param string $result      '1' for success, anything else for failure.
 * @param string $key         Key returned to the client on success.
 * @param mixed  $numError    Error count reported on failure.
 * @param string $ErrorString Error text reported on failure.
 *
 * @return string The XML document.
 */
function outputXML($result, $key, $numError, $ErrorString)
{
    /* @var $AUTH_KEY A key that will be used to prove authentication occurred from this service. */
    $controlString = "3p1XyTiBj01EM0360lFw";
    // $user and $pw are undefined at this point (see header note).
    $AUTH_KEY = md5($user . $pw . $controlString);
    $outputString = '';
    // Start from an empty document and append the XML prolog.
    $outputString .= "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><result>" . $result . "</result>\n";
    // Look up the member id for log attribution (query text masked in this listing).
    $getIDQry = "SELECT * FROM Users WHERE UserName='******'u'] . "'";
    $getIDRes = mysql_query($getIDQry);
    $rows = mysql_fetch_assoc($getIDRes);
    $id = $rows['PK_member_id'];
    if ($result == '1') {
        logToDB($user . " changed password", true, $id);
        $outputString .= "<key>" . $key . "</key>\n";
    } else {
        $outputString .= "<numerror>" . $numError . "</numerror>\n";
        $outputString .= "<ERROR>" . $ErrorString . "</ERROR>\n";
        // NOTE(review): the failure is logged with the same `true` flag as the
        // success case - confirm against logToDB()'s second parameter.
        logToDB($user . " failed to change password", true, $id);
    }
    $outputString .= "</content>";
    return $outputString;
}
Example #12
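/**
 * Build the XML response listing appointments and write one audit log entry
 * per appointment row returned.
 *
 * Changes from the original:
 *  - All element content is XML-escaped; appointment reasons and error text
 *    were previously concatenated raw into the document.
 *  - The target patient is read from the same $_GET key that is tested
 *    (the original tested 'p' but read 'pat').
 *  - $memberInfo is never defined in this function, so every log call that
 *    read $memberInfo['PK_member_id'] effectively passed NULL; NULL is now
 *    passed explicitly. NOTE(review): if log entries should be attributed to
 *    a member, the id has to be supplied by the caller.
 *  - A large block of commented-out draft code was removed.
 *
 * @param int|string $errNum          Number of errors; 0 means success.
 * @param array      $errMsgArr       Error messages, indexed from 0.
 * @param object     $patientInfoPrep Executed statement; rowCount() and
 *                                    fetch(PDO::FETCH_ASSOC) are called on it.
 *
 * @return string The XML document.
 */
function outputXML($errNum, $errMsgArr, $patientInfoPrep)
{
    // Escape a value for use as XML character data.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Client-supplied values, used for the log text only.
    $user = isset($_POST['u']) ? $_POST['u'] : "******";
    $target = isset($_GET['pat']) ? $_GET['pat'] : 'all';

    $outputString = "<?xml version=\"1.0\"?>\n";
    $outputString .= "<content><errNum>" . $esc($errNum) . "</errNum>\n";

    if ($errNum == 0) {
        // Element name => result-set column, in output order.
        $fields = [
            'APPTID' => 'PK_AppID',
            'PatID'  => 'FK_PatientID',
            'REASON' => 'Reason',
            'DATE'   => 'Date',
            'TIME'   => 'Time',
            'STATUS' => 'Status',
        ];

        $outputString .= "<APPTCOUNT>" . $esc($patientInfoPrep->rowCount()) . "</APPTCOUNT>\n";
        while ($patientInfo = $patientInfoPrep->fetch(PDO::FETCH_ASSOC)) {
            $outputString .= "<Appointment>";
            foreach ($fields as $tag => $column) {
                $outputString .= "<" . $tag . ">" . $esc($patientInfo[$column]) . "</" . $tag . ">\n";
            }
            $outputString .= "</Appointment>";
            // One audit record per disclosed appointment row.
            logToDB($user . " access patient info for " . $target, NULL, $user);
        }
    } else {
        for ($ct = 0; $ct < $errNum; $ct++) {
            $outputString .= "<ERROR>" . $esc($errMsgArr[$ct]) . "</ERROR>\n";
        }
        logToDB($user . " failed to access user info for " . $target, NULL, $user);
    }

    $outputString .= "</content>";
    return $outputString;
}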